Public Cloud London Meetup - Kubernetes at Christmas - 8th December 2022

Transcript

1. Look Ma, no sidecars! Alessandro Vozza, Solo.io

2. 2 | Copyright © 2022 Developer Advocate Santa Cloud Solo.io

   [email protected] Who am I Alessandro Vozza

3. 3 | Copyright © 2022 Istio - The Industry’s Leading

   Service Mesh 2017 Istio Launched 2022 Ambient Mesh Launched Data Plane Enhancements 2019-20 7 New Community Releases 1000s Production Customers ~ 1000 Community Contributors 2022 CNCF 2019-2022

4. 4 | Copyright © 2022 Traditional Sidecar mode

5. 5 | Copyright © 2022

6. 6 | Copyright © 2022 “The best way to predict

   the future is to invent it.” — Alan Kay

7. 7 | Copyright © 2022 Introducing Istio Ambient Mesh 7

   | Copyright © 2022 A new, open source contribution to the Istio project, that defines a new sidecar-less data plane. Solo.io and Google are the lead contributors to Istio Ambient Mesh. Cost Reduction Simplify Operations Improve Performance

8. 8 | Copyright © 2022 What is Istio Ambient Mesh?

   P P P P P P P P P P P P P P P P P P Proxy Istio Sidecar Data Plane 1 Pod/Container = 1 Proxy Ambient Mesh Data Plane 1 Node = 1 Proxy Move from Sidecar Proxy per-pod architecture to a Proxy per-node architecture. “Making the Mesh Transparent to Applications” • Reduced Compute Cost • Improve Business Continuity • Increase Business Flexibility • Simplified Operations • Reduced Maintenance • Simplified Upgrades • Easier to Add Applications • Less Day-2-Day Complexity • Adapt to Application Needs • Offer SLAs for Applications • Many Apps = 1 Platform Application Team • Mesh is transparent to Apps • Applications won’t break • Flexible Performance Available • Manage Security vs Performance Business Owner Platform Team

9. 9 | Copyright © 2022 Istio enables Zero-Trust Security P

   P P P P P P P P P P P P P P P P P L4 Proxy P P P P P P P P P P P P P P P P P P Istio Security with Sidecar Proxy Istio Security with Ambient Mesh L4 Proxy L7 Proxy • All traffic goes through Proxy • Proxy manages mTLS, Identity • Proxy manages L7 Application Filters | Policies • All traffic goes through Proxy • L4 Proxy manages mTLS, Identity • L7 Proxy manages L7 Application Filters | Policies

10. 10 | Copyright © 2022 Gloo Mesh - The Future

    of Service Mesh Built on Istio P P P P P P P P P P P P Proxy Istio Control Plane Istio Control Plane Multi-Cluster Control Plane Istio Sidecar Data Plane Ambient Mesh Data Plane API Gateway Kubernetes Ingress Microservices Security, Observability Kubernetes CNI Network Policy

11. 11 | Copyright © 2022 What is Istio Ambient Mesh?

    Reduce Costs Blog: https://www.solo.io/blog/what-istio-ambient-mesh-means-for-your-wallet/

12. 12 | Copyright © 2022 https://sched.co/1AzsT

13. 13 | Copyright © 2022 https://sched.co/1AzsT

14. 14 | Copyright © 2022 https://sched.co/1AzsT

15. 15 | Copyright © 2022 Architecture: Visualizing ztunnel

16. 16 | Copyright © 2022 Architecture: Visualizing ztunnel

17. 17 | Copyright © 2022 HBONE - The protocol used

    to connect nodes HTTP Based Overlay Network Encapsulation protocol source: https://www.solo.io/blog/understanding-istio-ambient-ztunnel-and-secure-overlay/

18. 18 | Copyright © 2022 https://www.solo.io/blog/istio-1-16-ambient-mesh/ https://www.solo.io/blog/rust-ztunnel-istio-ambient-mesh/

19. 19 | Copyright © 2022 Demo time The are no

    demo gods | https://github.com/coding-kitties/kubernetes-ambient-service-mesh

20. 20 | Copyright © 2022 Solo Academy - Our Community

    Expertise is Growing 10,000+ students have attended hands-on workshops 1,800+ engineers have achieved certifications NPS Score 75

21. 21 | Copyright © 2022 https://slack.solo.io/

22. 22 | Copyright © 2022 Amsterdam - 23rd& 24th February

    2023 https://cloudnative.amsterdam [email protected] 450+ attendees + talks+workshops+communities = awesome

23. 23 | Copyright © 2022

24. • https://solo.io • https://solo.io/blog • https://slack.solo.io • https://gloo.solo.io • https://envoyproxy.io

    • https://istio.io • https://webassemblyhub.io Thank You